HL Chronicle of Data Protection

Posted on May 14th, 2013 By Barbara Bennett Posted in Consumer Privacy, International/EU Privacy

New York Times and Hogan Lovells Report from Berlin on Data Protection

Globe with fiber optics

The New York Times reported on May 13 that U.S. companies showed up in force at the International Data Protection Day conference that day in Berlin. The Times article also mentioned the presence of Hogan Lovells at the conference. In addition to the heightened interest in data protection evidenced by U.S. business that is described in the NY Times, the Berlin conference showcased the continued sparring between the EU and the U.S. on the adequacy of U.S. privacy laws and also provided a comprehensive update on data protection developments worldwide. The topics for the day began with the proposed EU data protection regulation and ended with U.S. privacy and security enforcement, with numerous developments in other countries sandwiched in between. Continue Reading

Posted on May 9th, 2013 By HL Chronicle of Data Protection Posted in Cybersecurity & Data Breaches

Cybersecurity Remains A Top Concern Facing Corporate Directors and General Counsel

For the second year in a row, corporate directors and general counsel have ranked cybersecurity as a top-of-mind concern. On May 8, Corporate Board Member and FTI Consulting released the results of their 2013 Law in the Boardroom survey of over 550 directors and general counsel. As the report notes, “the newest area of major concern continues a trend noted in last year’s study: data security and IT risk is one of the most significant issues for both directors and general counsel.” Hogan Lovells partner Harriet Pearson explained why cybersecurity has become a top-of-mind concern as part of her article on “Cybersecurity: the Corporate Counsel’s Agenda,” which presented a ten-point agenda for managing cyber risk.

The survey found that data security was a close second for both directors and general counsel on the list of issues that will keep them up at night. And more than a quarter of all respondents ranked cyber risk oversight as an area that will require their attention in 2013. These results are unsurprising given the past year’s heightened congressional and executive scrutiny on cybersecurity issues (e.g., congressional hearings on cybersecurity and NIST’s development of a Cybersecurity Framework), coupled with increasing media coverage of cybersecurity incidents such as this report on a coordinated “cyberheist” that stole $45 million from 2,904 ATMs in a matter of hours.

Posted on May 6th, 2013 By Eric Bukstein Posted in Consumer Privacy

FTC Votes to Retain July 1, 2013 COPPA Rule Compliance Date

Less than two weeks after providing additional guidance on the recent changes to the Children’s Online Privacy Protection Act (“COPPA”) Rule, in the form of updated Frequently Asked Questions, the Federal Trade Commission (“FTC”) voted unanimously to retain the July 1, 2013 effective date for the changes to the COPPA Rule. The Commission’s vote came in response to a letter from representatives of a number of trade associations and industry groups, including the Internet Association, the Interactive Advertising Bureau, the U.S. Chamber of Commerce, and the Application Developers Alliance. The letter asked the FTC to delay the compliance date for the changes to the COPPA Rule for six months – which would have made the new compliance date January 1, 2014 – in order to give businesses more time to comply with the revised rule’s new requirements. Continue Reading

Posted on May 1st, 2013 By HL Chronicle of Data Protection Posted in International/EU Privacy

Article 29 Working Party Issues Additional Guidance on BCRs for Data Processors

On April 19, the European Union’s Article 29 Working Party adopted Explanatory Document WP204 on processor Binding Corporate Rules (BCRs). Processor BCRs provide a new avenue for data controllers to transfer EU personal data to processors (such as cloud service providers) located in third countries not considered to ensure an adequate level of protection under the 1995 EU Data Protection Directive.

The Article 29 Working Party, noting the success of controller BCRs and citing the “growing interest of industry in such a tool,” provided initial guidance on processor BCRs in June 2012 through Working Document WP195 (which we previously covered here). WP195 presented a “toolbox” that laid out the criteria for approval of processor BCRs, as well as explanatory notes on the content expected in the processor BCRs. As of January 1, 2013, the EU began accepting applications for approval of processor BCRs.

Posted on April 30th, 2013 By Winston Maxwell and Lionel de Souza Posted in International/EU Privacy

French CNIL Annual Report Shows Increased Complaints, Audits, Sanctions

On April 23, the French data protection authority, the CNIL (Commission Nationale de l’Informatique et des Libertés), published its annual report for 2012, emphasizing a significant increase in complaints, audits, and sanctions. We review each of these topics addressed by the CNIL’s report. Continue Reading

Posted on April 25th, 2013 By HL Chronicle of Data Protection Posted in Cybersecurity & Data Breaches, News & Events

Hogan Lovells Partner Testifies in US House of Representatives on Cybersecurity and Privacy

On April 25, Hogan Lovells partner Harriet Pearson testified before the US House of Representatives on the relationship between cybersecurity and privacy in business. The Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies of the House Committee on Homeland Security held a hearing on “Striking the Right Balance: Protecting our Nation’s Critical Infrastructure from Cyber Attack and Ensuring Privacy and Civil Liberties” to examine existing privacy protections and learn more about potential improvements. In her testimony, Pearson summarized the challenge:

The relationship between cybersecurity and privacy is complex. On the one hand, cybersecurity that protects data from intrusion, theft, and misuse obviously is a significant privacy safeguard. On the other hand, cybersecurity measures that monitor access and use can implicate the collection of personal information (or data that can be linked to individuals), and thus raises privacy concerns.

Posted on April 23rd, 2013 By HL Chronicle of Data Protection Posted in Cybersecurity & Data Breaches, News & Events

Hogan Lovells Sponsors Inaugural Cybersecurity Law Institute in Washington, DC

With cybersecurity now ranked as the top concern for general counsel and corporate board members, and with the regulatory and legislative landscape so active (e.g., the House’s passage of CISPA and the President’s Executive Order), Hogan Lovells is proud to be a sponsor of the inaugural Cybersecurity Law Institute, to be held at the Georgetown University Law Center in Washington, DC, on May 22–23, 2013.

Hogan Lovells partner Harriet Pearson, a co-chair of the Institute’s Advisory Board, said that “cybersecurity legal risks and issues are high-stakes, emerging, and complex. That’s why this inaugural program is so needed—to help build the legal community’s practical know-how and skills to advise on what has rapidly become one of the top enterprise risks in almost all industries.” She continued, “It’s not only the high-profile speakers, such as Deputy Attorney General James Cole, that will distinguish this event. Institute participants will take home practical insights gleaned from the program’s fast-paced and realistic simulations of lawyers, business leaders, law enforcement officials, and technologists working together to handle the kinds of cyber attacks increasingly common across industries.”

Posted on April 16th, 2013 By HL Chronicle of Data Protection Posted in Privacy & Security Litigation

Limiting Litigation Risks from Privacy and Data Security Missteps

In Bloomberg BNA’s Privacy and Security Law Report, Hogan Lovells attorneys Des Hogan, Michelle Kisloff, and Christopher Wolf have published an article describing the higher-risk litigation and enforcement environment in which companies in the United States now operate. After analyzing recent class actions and regulatory developments, the article offers guidance on how companies can reduce their financial and reputational exposure.

Click here to read the article. James Denvil, an associate in our Washington office, contributed to the article.

Privacy & Information Security News & Trends

About Us